Old-School Pocket Schedule for Black Hat USA 2012

www.khanfu.com

Black Hat USA 2012 - Wednesday, July 25

00:00	Brocious	MY ARDUINO CAN BEAT UP YOUR HOTEL ROOM LOCK
08:50	Moss	Welcome & Introduction to Black Hat USA 2012
09:00	Henry	CHANGING THE SECURITY PARADIGM....TAKING BACK YOUR NETWORK AND BRINGING PAIN TO THE ADVERSARY
10:15	Granick, Moss, Ranum, Schneier, Shostack	SMASHING THE FUTURE FOR FUN AND PROFIT
	Lawler, Ridley	ADVANCED ARM EXPLOITATION
	Wojtczuk	A STITCH IN TIME SAVES NINE: A CASE OF MULTIPLE OPERATING SYSTEM VULNERABILITY
	Amit	SEXYDEFENSE - MAXIMIZING THE HOME-FIELD ADVANTAGE
	Pericin, Vuksan	FILE DISINFECTION FRAMEWORK: STRIKING BACK AT POLYMORPHIC VIRUSES
11:45	Kaminsky	BLACK OPS
	Rohlf	GOOGLE NATIVE CLIENT - ANALYSIS OF A SECURE BROWSER PLUGIN SANDBOX
	Moinard, Yann	HOW THE ANALYSIS OF ELECTRICAL CURRENT CONSUMPTION OF EMBEDDED SYSTEMS COULD LEAD TO CODE REVERSING?
	Weinmann	SCALING UP BASEBAND ATTACKS: MORE (UNEXPECTED) ATTACK SURFACE
	Mortman	THE DEFENSE RESTS: AUTOMATION AND APIS FOR IMPROVING SECURITY
	Argyroudis, Karamitas	EXPLOITING THE JEMALLOC MEMORY ALLOCATOR: OWNING FIREFOX'S HEAP
	Ristic	CONFESSIONS OF A WAF DEVELOPER: PROTOCOL-LEVEL EVASION OF WEB APPLICATION FIREWALLS
14:15	Marqis-Boire	CUTECATS.EXE AND THE ARAB SPRING
	Barnett, Wroblewski	MODSECURITY AS UNIVERSAL CROSS-PLATFORM WEB PROTECTION TOOL
	Weber	LOOKING INTO THE EYE OF THE METER
	Miller	DON'T STAND SO CLOSE TO ME: AN ANALYSIS OF THE NFC ATTACK SURFACE
	Denning, Kohno, Shostack	CONTROL-ALT-HACK(TM): WHITE HAT HACKING FOR FUN AND PROFIT (A COMPUTER SECURITY CARD GAME)
	Serna	THE INFO LEAK ERA ON SOFTWARE EXPLOITATION
	Bertacco	TORTURING OPENSSL
14:35	Leverett	THE LAST GASP OF THE INDUSTRIAL AIR-GAP...
	Katz, Soler	HTEXPLOIT BYPASSING HTACCESS RESTRICTIONS
14:55	Barnum	STIX: THE STRUCTURED THREAT INFORMATION EXPRESSION
	Galbreath	LIBINJECTION: A C LIBRARY FOR SQLI DETECTION AND GENERATION THROUGH LEXICAL ANALYSIS OF REAL WORLD ATTACKS
15:30	Jericho	ERRATA HITS PUBERTY: 13 YEARS OF CHAGRIN
	Argyros, Cesare	PRNG: PWNING RANDOM NUMBER GENERATORS (IN PHP APPLICATIONS)
	Mandt, Valasek	WINDOWS 8 HEAP INTERNALS
	Mulliner	PROBING MOBILE OPERATOR NETWORKS
	Flynn	INTRUSION DETECTION ALONG THE KILL CHAIN: WHY YOUR DETECTION SYSTEM SUCKS AND WHAT TO DO ABOUT IT
	Forshaw	ARE YOU MY TYPE? - BREAKING .NET SANDBOXES THROUGH SERIALIZATION
	Fleischer	WEB TRACKING FOR YOU
17:00	Ritter, Stamos	THE MYTH OF TWELVE MORE BYTES: SECURITY ON THE POST-SCARCITY INTERNET
	Alonso	OWNING BAD GUYS {AND MAFIA} WITH JAVASCRIPT BOTNETS
	Galbally	GHOST IS IN THE AIR(TRAFFIC)
	Percoco, Schulte	ADVENTURES IN BOUNCERLAND
	Johnson, Miller	EXPLOIT MITIGATION IMPROVEMENTS IN WIN 8
	Nils, Vega	PINPADPWN
	Santamarta	HERE BE BACKDOORS: A JOURNEY INTO THE SECRETS OF INDUSTRIAL FIRMWARE
	Galbally	FROM THE IRISCODE TO THE IRIS: A NEW VULNERABILITY OF IRIS RECOGNITION SYSTEMS

Black Hat USA 2012 - Thursday, July 26

09:00	Stephenson	AN INTERVIEW WITH NEAL STEPHENSON
10:15	Schneier	TRUST, SECURITY, AND SOCIETY
	Shah	HTML5 TOP 10 THREATS – STEALTH ATTACKS AND SILENT EXPLOITS
	Branco	A SCIENTIFIC (BUT NON ACADEMIC) STUDY OF HOW MALWARE EMPLOYS ANTI-DEBUGGING, ANTI-DISASSEMBLY AND ANTI-VIRTUALIZATION TECHNOLOGIES
	Grier	CATCHING INSIDER DATA THEFT WITH STOCHASTIC FORENSICS
	Pan, Tsai	THE SUBWAY LINE 8 - EXPLOITATION OF WINDOWS 8 METRO STYLE APPS
	De Atley	IOS SECURITY
	Campbell, Duckwall	STILL PASSING THE HASH 15 YEARS LATER? USING THE KEYS TO THE KINGDOM TO ACCESS ALL YOUR DATA
11:45	Weatherford	THE CHRISTOPHER COLUMBUS RULE AND DHS
	Carettoni	AMF TESTING MADE EASY!
	K	DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS
	Litchfield	FIND ME IN YOUR DATABASE: AN EXAMINATION OF INDEX SECURITY
	Kohlenberg, Shkatov	WE HAVE YOU BY THE GADGETS
	Esser	IOS KERNEL HEAP ARMAGEDDON REVISITED
	Oh	RECENT JAVA EXPLOITATION TRENDS AND MALWARE
14:15	Clark	LEGAL ASPECTS OF CYBERSPACE OPERATIONS
	Shekyan, Toukharian	HACKING WITH WEBSOCKETS
	Strazzere	DEX EDUCATION: PRACTICING SAFE DEX
	Holeman	PASSIVE BLUETOOTH MONITORING IN SCAPY
	Hannay	EXCHANGING DEMANDS
	Diquet, Osborne	WHEN SECURITY GETS IN THE WAY: PENTESTING MOBILE APPS THAT USE CERTIFICATE PINNING
	Sabanal, Yason	DIGGING DEEP INTO THE FLASH SANDBOXES
	Gunter, S	SNSCAT: WHAT YOU DON'T KNOW ABOUT SOMETIMES HURTS THE MOST
14:35	Patten, Steele	SYNFUL DECEIT, STATEFUL SUBTERFUGE
	Cui	EMBEDDED DEVICE FIRMWARE VULNERABILITY HUNTING USING FRAK
14:55	Claudius, Reynolds	STAMP OUT HASH CORRUPTION, CRACK ALL THE THINGS
	Lanier, Reiter	MAPPING AND EVOLUTION OF ANDROID PERMISSIONS
15:30	Aldridge	TARGETED INTRUSION REMEDIATION: LESSONS FROM THE FRONT LINES
	Brashars, Purviance	BLENDED THREATS AND JAVASCRIPT: A PLAN FOR PERMANENT NETWORK COMPROMISE
	Brossard	HARDWARE BACKDOORING IS PRACTICAL
	Cesare	CLONEWISE - AUTOMATED PACKAGE CLONE DETECTION
	Oi	WINDOWS PHONE 7 INTERNALS AND EXPLOITABILITY
	Dubik, Engler, Law, Vo	IOS APPLICATION SECURITY ASSESSMENT AND AUTOMATION: INTRODUCING SIRA
	Cutlip	SQL INJECTION TO MIPS OVERFLOWS: ROOTING SOHO ROUTERS
17:00	Philput	HACKING THE CORPORATE MIND: USING SOCIAL ENGINEERING TACTICS TO IMPROVE ORGANIZATIONAL SECURITY ACCEPTANCE
	Jones	STATE OF WEB EXPLOIT TOOLKITS
	Royal, Song	FLOWERS FOR AUTOMATED MALWARE ANALYSIS
	Chastuhin, Polyakov	SSRF VS. BUSINESS CRITICAL APPLICATIONS
	Cerrudo	EASY LOCAL WINDOWS KERNEL EXPLOITATION
	Rowley	HOW MANY BRICKS DOES IT TAKE TO CRACK A MICROCELL?
	Linn, Ocepek	HOOKIN' AIN'T EASY: BEEF INJECTION WITH MITM

Instructions

This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.

Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.